XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.CreditsAntisocialReferenceshttps://xenforo.com/community/threads/xenforo-2-3-9-inc-xfmg-2-2-18-released-security-fix.235659/https://www.vulncheck.com/advisories/xenforo-stored-cross-site-scripting-via-bb-code-rendering
